Posts Tagged ‘dpkt’

Well, this is new for me: further developing a working POC. As you all know, I love new ideas and POC development, but hate the further development of POCs. This time the Firewall DNS POC just didn’t cut it; it did what I wanted it to do, but it lacked some “usability” features. These are the added features:

So I’m trying to set up a really tight server, and one of the things left to secure was DNS. How do I make sure that if the server gets rooted, the backdoor will not be able to connect through DNS to its C&C? I decided to write a custom “firewall DNS”, which would only allow DNS requests if they matched a certain host. You might now be yelling things like “YOU RETARD, never code something if there is an existing and probably working alternative”. True; thing is, I’ve never really done anything with DNS on a coding level, so it seemed like this was my opportunity.
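The allow/deny decision at the core of such a “firewall DNS”, as an added example (not the author's POC, whose code is not on this page): it parses the question name from a raw query and fails closed on anything it cannot parse. The allowlist entry `updates.example.com`, the function names, the REFUSED reply and the use of the standard library's `struct` instead of dpkt are assumptions made so the block runs on its own.

```python
import struct

ALLOWED_HOSTS = {"updates.example.com"}  # hypothetical allowlist, exact names only

def build_query(name, qid=0x1234, qtype=1):
    """Construct a minimal DNS query (constructed sample input for this example)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(packet):
    """Return (lowercased name, offset just past the first question)."""
    if len(packet) < 12:
        raise ValueError("short header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, off = [], 12
    while True:
        if off >= len(packet):
            raise ValueError("truncated name")
        n = packet[off]
        off += 1
        if n == 0:
            break
        if n > 63 or off + n > len(packet):  # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(packet[off:off + n].decode("ascii", "replace").lower())
        off += n
    if off + 4 > len(packet):  # QTYPE and QCLASS must follow the name
        raise ValueError("truncated question")
    return ".".join(labels), off + 4

def decide(packet):
    """Return (action, reply): action is "forward", "refuse" or "drop"."""
    try:
        name, qend = parse_qname(packet)
    except ValueError:
        return "drop", None  # fail closed on anything malformed
    if name in ALLOWED_HOSTS:  # exact match, so "allowed.name.evil.test" fails
        return "forward", None
    # Echo the ID and question; set QR=1, copy RD, RCODE=5 (REFUSED)
    rd = struct.unpack("!H", packet[2:4])[0] & 0x0100
    flags = 0x8000 | rd | 5
    reply = packet[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + packet[12:qend]
    return "refuse", reply
```

Matching on the exact, case-folded name is what keeps a lookalike such as `updates.example.com.evil.test` from passing a suffix or substring check.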